Artificial Intelligence

Comodo Advanced Endpoint Protection (AEP) uses artificial intelligence to supplement other malware
detection mechanisms. While a traditional signature-based antivirus program can knock down the most common malware variants, it cannot
catch zero-days or all of the malware variants proliferating in the wild.

Machine Learning

Machine learning is a vast and ever-changing field, and Comodo uses the latest machine learning techniques to
determine if a file is malicious or benign. Comodo created its predictive model by first collecting a huge number and
variety of malicious and benign files. Features are then extracted from the files along with each file’s label (e.g. good or bad).
Finally, the model is trained by feeding all of these features to it and allowing it to crunch the numbers and find patterns
and clusters in the data. When the features of a file with an unknown label are presented to the model, it can return a
confidence score of how similar these features are to those of the malicious and benign sets. These concepts underpin
VirusScope, Comodo’s file and behavioral analysis engine residing on the local client.

Comodo VirusScope™

Comodo AEP includes VirusScope™, which at the local level applies machine learning and algorithm-based
detection – in essence, math – using multiple techniques such as vector machines, naïve Bayes,
decision trees, random forest classifiers, linear discriminant analysis, stochastic gradient descent,
hidden Markov models, neural networks and more. VirusScope uses these recognizers to analyze behavior and actions indicating
malicious intent or behavior, and thus a pending attack. By default, VirusScope employs machine learning only inside
of the container. However, VirusScope may also be enabled, by profile, to monitor the entire system both inside
and outside of Automatic Containment™. Machine learning is able to identify escape attempts both from inside the
container and, in the hypothetical case of an escape, from outside of the container – again, providing IT with detection,
protection and notification of the incident.